Purpose
Generates a new key and re-encrypts a volume or file.
Syntax and Description
acfsutil encr rekey -h
acfsutil encr rekey -m mount_point {-f [-r] path [path…] | -v} [-a {AES} -k {128|192|256}]
acfsutil encr rekey -h displays help text and exits.
Table 16-82 contains the options available with the acfsutil encr rekey command.
Table 16-82 Options for the acfsutil encr rekey command
Option | Description |
---|---|
-m mount_point | Specifies the directory where the file system is mounted. |
-f [-r] path | Generates a new file encryption key for the specified path and then encrypts the data with the new key. If -r is specified, the rekey operation is performed recursively under |
-v | Generates a new volume encryption key (VEK) for the specified mount point and then encrypts all the file encryption keys in the file system with the new key. Prompts for the wallet password because the wallet must be accessed to store the new VEK. The generated key is stored in the key store that was previously configured with the |
-a | Specifies the algorithm. Advanced Encryption Standard (AES) is the only encryption supported for this release. |
-k | Specifies the key length for the directory or file specified by |
This command cannot be run on security realm-protected files.
The default values for -a and -k are determined by the volume parameters specified when acfsutil encr set was run.
The path option can specify a path to a file or directory in a read-write snapshot. If the -r option is specified with the command on the root directory, the command does not traverse the snapshots under the .ACFS directory. If a rekey operation is specified at the file system level, then the operation does not process files and directories of snapshots in the .ACFS/snaps/ directory.
If Oracle Key Vault is the key store for the file system, then the Oracle Key Vault home environment variable (OKV_HOME) must be set when using the -v option to generate a new volume key. If the client was configured to use a password with Oracle Key Vault, then the same password must be entered when prompted.
See also: Oracle Key Vault Administrator's Guide for information about Oracle Key Vault
Only a user with root or system administrator privileges can run this command with the -v option. The file owner can also run this command with the -f option to rekey encryption on the directory or file.
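The usage rules above can be enforced before a key rotation runs. The following wrapper is an added example, not part of the Oracle documentation: rekey_checked, KEYSTORE (set by the operator to okv when Oracle Key Vault is the key store), REKEY_UID and ACFSUTIL are hypothetical names, and only the acfsutil options shown in the syntax above are used.

```shell
#!/bin/sh
# Added example (not Oracle's code): checks the rules from this page, then
# runs acfsutil encr rekey. rekey_checked, KEYSTORE, REKEY_UID and ACFSUTIL
# are hypothetical names introduced for this sketch.
#
# usage: rekey_checked MODE MOUNT_POINT KEY_LEN [PATH...]
#   MODE     volume (-v), file (-f) or tree (-f -r)
#   KEY_LEN  128, 192, 256, or "" to keep the defaults from acfsutil encr set
rekey_checked() {
    [ $# -ge 3 ] || { echo "usage: rekey_checked MODE MOUNT_POINT KEY_LEN [PATH...]" >&2; return 2; }
    mode=$1 mnt=$2 klen=$3; shift 3
    uid=${REKEY_UID:-$(id -u)}          # override exists only for testing

    case $mnt in /*) ;; *) echo "mount point must be an absolute path" >&2; return 2 ;; esac
    case $klen in ''|128|192|256) ;; *) echo "key length must be 128, 192 or 256" >&2; return 2 ;; esac

    case $mode in
    volume)
        # -v is limited to root or system administrator privileges.
        [ "$uid" -eq 0 ] || { echo "-v requires root" >&2; return 3; }
        # With Oracle Key Vault as the key store, OKV_HOME must be set.
        if [ "${KEYSTORE:-}" = okv ] && [ -z "${OKV_HOME:-}" ]; then
            echo "OKV_HOME must be set to rekey a volume backed by Oracle Key Vault" >&2; return 4
        fi
        [ $# -eq 0 ] || { echo "-v takes no paths" >&2; return 2; }
        set -- -v ;;
    file|tree)
        [ $# -ge 1 ] || { echo "-f needs at least one path" >&2; return 2; }
        for p in "$@"; do
            # -r from the root does not descend into snapshots under .ACFS.
            if [ "$mode" = tree ] && [ "${p%/}" = "${mnt%/}" ]; then
                echo "note: snapshots under $mnt/.ACFS are not rekeyed" >&2
            fi
        done
        if [ "$mode" = tree ]; then set -- -f -r "$@"; else set -- -f "$@"; fi ;;
    *)  echo "mode must be volume, file or tree" >&2; return 2 ;;
    esac

    # Without -a/-k the defaults chosen at acfsutil encr set time apply.
    [ -z "$klen" ] || set -- "$@" -a AES -k "$klen"
    "${ACFSUTIL:-acfsutil}" encr rekey -m "$mnt" "$@"
}
```

Setting ACFSUTIL=echo prints the arguments that would be passed instead of running the rekey, which is useful when reviewing a rotation runbook.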
Examples
The following are examples of the use of acfsutil encr rekey.